Modeling Large S-box in MILP and a (Related-Key) Differential Attack on Full Round PIPO-64/128

Cited by: 3
Authors
Yadav, Tarun [1]
Kumar, Manoj [1]
Affiliation
[1] DRDO, Sci Anal Grp, Metcalfe House Complex, Delhi 110054, India
Source
SECURITY, PRIVACY, AND APPLIED CRYPTOGRAPHY ENGINEERING, SPACE 2022 | 2022 / Vol. 13783
Keywords
Block cipher; Differential cryptanalysis; Lightweight cryptography; MILP; S-box; CRYPTANALYSIS;
DOI
10.1007/978-3-031-22829-2_1
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
The differential characteristic search problem is converted into a mixed integer linear programming (MILP) model to get the bound against differential attack. The difference distribution table (DDT) is used to write the linear inequalities for MILP modeling of the S-box. To construct a reduced set of such inequalities, we present approaches based on the Quine-McCluskey (QM) and Espresso algorithms, which are used for active S-box minimization and probability optimization respectively. These approaches are used to search the differential characteristics for the lightweight block cipher PIPO-64/128. There are 20621 inequalities in 23 variables corresponding to possible difference transitions in the DDT, and these are minimized to 6035 inequalities. The MILP model based on these inequalities is used to optimize the probability of differential and impossible differential characteristics for PIPO-64/128 reduced to 9 and 4 rounds respectively. We construct an iterative 2-round related-key differential characteristic with probability $2^{-4}$, which is used to present a full round related-key differential distinguisher with probability $2^{-24}$. We develop a key recovery attack using related keys on full round PIPO-64/128 with a data complexity of $2^{32}$. We present a major collision in PIPO-64/128 which produces the same ciphertext (C) by encrypting the plaintext (P) under two different keys.
Pages: 3-27
Page count: 25